Not doing myself any favors

I came home, and watched the rest of the presentations today.

I wasn’t feeling well. No, I don’t think I’ve got Coronavirus.

But the last firetalk was on this stupid stuff Mozilla’s (and others) have is doing with DNS-over-SSL.

The speaker brought up Cloud Flare as the DNS-over-SSL provider.

So I had to go look at the interview again.

Fuck the Neo-Nazis. But fuck guys like that, too.

Remember (or more Shmoo)

Cats hate people, and would kill them if they were big enough to do so.

Listening to this one, which ended up being more about ยง230 of the Communications Decency Act of 1996.

I’m not sure what to say about it. I get sidetracked by thinking about my idea that every law should expire after a fixed amount of time, and every regulation based on that law should similarly expire in a fixed period of time.

Then we wouldn’t have to worry about a law that’s nearly a quarter-century old in the case of the CDA.

Or care at all about any of the bad things that passed during the Wilson Administration. (See: The Jones Act, which is very bad for Hawaii and Puerto Rico).

Congress wants lots of content on the Intertubes. Well, the right content. You know, not bad stuff like prostitution ads, or kiddie pr0n.

Or Alex Jones; won’t someone think of the frogs??!?

Is there an answer? I’m skeptical, and it’s a lot easier for these 535 people to not work at all than to do anything that might not be permanent and effective.

Does there need to be protection for platforms? Yes. Are there some real problems with platforms? Yes. Have there been some instances where platforms are really overreacting due to both political and corporate pressure?

Absolutely.

The next one was this. As someone who’s not a professional code-slinger, I was having a bit of trouble following completely, and staying interested.

The commentary accompanying the livestream was fascinating.

I participated.

It is really incredible what people are doing with client-side code.

*slips on a-hole Sekurity Mastar pants*

You can fix a lot of that stuff with centralized management.

DoD, something which I am all too familiar, has managed to render nearly COTS browser basically unusable.

I’m actually okay with this.

And the next one. Very good talk, but I’m not sure I understand enough about where the “spam” calls are coming from to know whether this would actually be an effective solution.

It would seem to me that having a client/gateway setup would be nearly as effective. You could authenticate the device using something like a hardware token, then do the traffic over L2TP.

I understand there’s overhead there.

I also know that pure SIP voice traffic consumes very little bandwidth. Hell, I was doing GSM calls over a 9600bps INMARSAT connection nearly fifteen years ago.

Yes, the quality sucked.

But that was true of lots of things in 2006.

What this protocol does is encrypt the data channel, so very much like what would happen over L2TP.

Six of one, half-dozen of the other, I suppose.

Not going to write about the Firetalks. Just listen.

And the last one about robots storing data. Pepper and Mao isn’t a dish at your favorite Chinese joint.

Questions about privacy policy application; the robots are owned by someone else, and the data is sent offsite.

And you wonder why I don’t have an Alexa. Or why Siri is disabled on my Apple devices.

Her main point is she has concerns.

Maybe I’ll be feeling well enough to sit through things in person tomorrow.

I’m done for now. Hopefully I’ll be feeling well enough to venture in to the District for tomorrow’s talks.

Shmoo II; wildlife boogaloo

Watched the stream of this on moose and woodchucks.

I guess my big take-away is that in situations like that, increasing the size of the dataset actually probably does improve results.

The problem you run into, and I didn’t hear her address, is that eventually your dataset exceeds what you’ve got to analyze it.

You could build something that’s damn near perfect in differentiating between woodchucks and moose, but does that matter when it takes three years to do the analysis?

Shmoo Open

I’m watching the livestream from home because I’m not feeling well, and don’t have a bed tonight.

Of course, a lot of the standard administrivia, but Bruce did hit on some of the sorts of things I’ve been thinking and writing about for a long time.

For the vast, vast, vast majority of organizations, Infosec is a parasitic function on another parasitic function.

McDonalds doesn’t exist to do Infosec; don’t treat the folks behind the counter like morons because they don’t do Infosec.

I sure as hell couldn’t make the pink goo be very edible; why would I presume the guy who can is an idiot because he has to write down his 95-character password?

It is a tool that lets people do what they’re hired to do more effectively. If it gets to the point where we’re keeping them from operating at all, why the hell are they paying us?

And the next talk is starting, so I’m gonna go.

So Shmoo

Sitting around waiting for my short bus ride off to Shmoocon.

We’ll see how it goes.

My plan for this year is to watch, take notes, then write.

I think the past couple of times I went I laid out all the things I was going to see ahead of time, and wrote pretty much as I went.

Then I’d inevitably end up going to see something different than I’d originally planned.

I’ve perused the schedule, and put them in my phone calendar.

But there may be changes.

I just need to start drafting something as I sit there, then complete it after the talk.

I don’t have a hotel room for tonight, so I may have to take the WMATA Short Bus home tonight. We’ll see.

So off to it….

Bad News Repruhshent

I am back in Tidewater, visiting my recuperating mother, and my grandfather who came up to visit.

It is strange being here, certainly.

I’m also prepping for Shmoocon next weekend, and tying up loose ends from yet another rebuild on this server.

I can’t find a lot of what I wrote between 2015 and 2o18.

I have SQL dumps that I can pick through, but I really haven’t had the energy or patience to do it.

I am still trying, too, to really pull out everything I’d put in for a job search during my periods of unemployment.

I really do love where I work, now. I wish I was healthier so I could move off on to something they’re doing that’s different than what I’ve done since 2005.

I got distracted just now by a friend on Facebook appealing to the usual sources for fact-checking before posting of stories.

Um. Okay. So only check facts from sites that are biased as hell before you share something. Perhaps SPLC should have been on that list.

It did distract me from something else I wanted to talk about the Apple backup story.

At first, I was disturbed by this, what with AG Barr’s misguided attempts to have backdoors engineered into encryption.

That, of course, was a bit of a knee-jerk response. I’d missed the part about these backup sets being store on an iCloud Drive.

Wanna keep shit suparsekret? Encrypt it yourself, and store it on physical media under your control.

Yes, that Apple made the decision after FBI pressure bothers me, but it doesn’t change the fact that it is technically-possible to keep whatever it is you have from prying eyes, government or otherwise.